Getting Started with Kerberos

Sean Wu x_wu at yahoo.com
Mon Apr 22 13:45:28 EDT 2002 

Group,

I have difficulty in getting kerberos to work on Solaris 7.

I downloaded src distribution from MIT, k5-1.2.4. It was complied and
installed successfully. However, after editing /etc/krb5.conf and
/opt/local/var/krb5kdc/kdc.conf (The default installation dir is
/opt/local) according to adm guide, I was unable to run kadmin, and
the error message is

"Authenticating as principal xwu/admin at SUB.COMPANY.COM with password.
kadmin: Required parameters in kdc.conf missing while initializing
kadmin interface"

Anybody know what's going on here?

thanks.

Sean
================================================
/opt/local/var/krb5kdc/kdc.conf
================================================
[kdcdefaults]
        kdc_ports = 88,750
        kadmind_port = 749

[realms]
        SUB.COMPANY.COM = {
                kadmind_port = 749
                database_name = /opt/local/var/krb5kdc/principal
                admin_keytab =
FILE:/opt/local/var/krb5kdc/kadm5.keytab
                acl_file = /opt/local/var/krb5kdc/kadm5.acl
                key_stash_file =
/opt/local/var/krb5kdc/.k5.SUB.COMPANY.COM
                kdc_ports = 750,88
                max_life = 10h 0m 0s
                max_renewable_life = 7d 0h 0m 0s
                master_key_type = des-cbc-crc
                supported_enctypes = des-cbc-crc:normal des:normal
des:v4 des:nore
alm des:onlyrealm des:afs3
                kdc_supported_enctypes = des-cbc-crc:normal des:normal
des:v4 des:
norealm des:onlyrealm des:afs3
        }

[logging]
        kdc = FILE:/opt/local/var/krb5kdc/kdc.log
        admin_server = FILE:/opt/local/var/krb5kdc/kadmin.log


================================================
/etc/krb5.conf
================================================
[libdefaults]
        default_realm = NET.CAPITALONE.COM
        default_tgs_enctypes = des-cbc-crc
        default_tkt_enctypes = des-cbc-crc
        krb4_config = /usr/kerberos/lib/krb.conf
        krb4_realms = /usr/kerberos/lib/krb.realms

[realms]
        ATHENA.MIT.EDU = {
                kdc = KERBEROS-2.MIT.EDU:88
                kdc = KERBEROS.MIT.EDU
                kdc = KERBEROS-1.MIT.EDU
                admin_server = KERBEROS.MIT.EDU
                default_domain = MIT.EDU
                v4_instance_convert = {
                        mit = mit.edu
                        lithium = lithium.lcs.mit.edu
                }
        }
        CYGNUS.COM = {
                kdc = KERBEROS.CYGNUS.COM
                kdc = KERBEROS-1.CYGNUS.COM
                admin_server = KERBEROS.MIT.EDU
        }
        GNU.ORG = {
                kdc = kerberos.gnu.org
                kdc = kerberos-2.gnu.org
                admin_server = kerberos.gnu.org
        }

[domain_realm]
        .mit.edu = ATHENA.MIT.EDU
        mit.edu = ATHENA.MIT.EDU
        .media.mit.edu = MEDIA-LAB.MIT.EDU
        media.mit.edu = MEDIA-LAB.MIT.EDU
        .ucsc.edu = CATS.UCSC.EDU

[logging]
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log
        default = FILE:/var/log/krb5lib.log

More information about the Kerberos mailing list